This post was created for the purposes of entering the H0: Hack the Zero Stack Hackathon. #H0Hackathon
The problem
Small businesses face the same network threats as enterprises but can't afford $100K/year NDR tools. We built ThreatLedger to change that.
What we built
ThreatLedger is a cloud-native Network Detection and Response dashboard that turns raw security logs into actionable threat intelligence using AI.
Live demo: https://threatledger-app.vercel.app
The stack
- Frontend: Next.js 16 on Vercel (scaffolded with v0)
- Database: Amazon Aurora PostgreSQL (AWS us-east-1) with pgvector
- ORM: Prisma
- Auth: Clerk
- AI: ChatGPT API
How it works
- Upload Suricata, Zeek, Firewall CSV, or AWS VPC Flow logs
- Custom parsers extract and normalize alerts
- Correlation engine groups alerts into attack campaigns with composite risk scores
- Kill chain mapping shows attack progression
- Claude API generates plain-English threat summaries
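The normalize-then-correlate steps listed above, as an added TypeScript example that is not ThreatLedger's own code: it parses Suricata EVE JSON alert lines and groups them into campaigns with a risk score. The grouping rule (same source IP, at most 10 minutes between alerts), the score weights and all function names are assumptions made for illustration; `event_type`, `src_ip`, `dest_ip` and `alert.severity` are standard EVE fields.

```typescript
// Added example, not ThreatLedger's code. The grouping rule (same source IP,
// gaps of at most 10 minutes) and the score weights are assumptions.
interface Alert { ts: number; srcIp: string; destIp: string; signature: string; severity: number }
interface Campaign { srcIp: string; lastTs: number; alerts: Alert[]; targets: string[]; risk: number }
const GAP_MS = 10 * 60 * 1000; // assumed: a longer silence starts a new campaign

// Parse one Suricata EVE JSON line; null for non-alert events or malformed input.
function parseEveLine(line: string): Alert | null {
  let ev: any;
  try { ev = JSON.parse(line); } catch (e) { return null; }
  if (!ev || ev.event_type !== "alert" || !ev.alert || typeof ev.src_ip !== "string") return null;
  // EVE timestamps look like "...00.123456+0000": trim to ms, add the offset colon.
  const iso = String(ev.timestamp).replace(/(\.\d{3})\d*/, "$1").replace(/([+-]\d{2})(\d{2})$/, "$1:$2");
  const ts = Date.parse(iso);
  if (isNaN(ts)) return null;
  const sev = Number(ev.alert.severity); // out-of-range values fall back to lowest severity
  return { ts: ts, srcIp: ev.src_ip, destIp: String(ev.dest_ip), signature: String(ev.alert.signature), severity: sev >= 1 && sev <= 3 ? sev : 3 };
}
// Hypothetical composite score (0-100): worst severity + alert volume + target spread.
function riskScore(alerts: Alert[], targets: string[]): number {
  const worst = alerts.reduce((m, a) => Math.min(m, a.severity), 3); // 1 = most severe
  return (4 - worst) * 20 + Math.min(alerts.length, 10) * 2 + Math.min(targets.length, 4) * 5;
}

function correlate(lines: string[]): Campaign[] {
  const alerts = lines.map(parseEveLine).filter((a): a is Alert => a !== null).sort((a, b) => a.ts - b.ts);
  const active: Record<string, Campaign | undefined> = {}; // latest campaign per source IP
  const out: Campaign[] = [];
  alerts.forEach((a) => {
    let c = active[a.srcIp];
    if (!c || a.ts - c.lastTs > GAP_MS) {
      c = { srcIp: a.srcIp, lastTs: a.ts, alerts: [], targets: [], risk: 0 };
      active[a.srcIp] = c; out.push(c);
    }
    c.alerts.push(a);
    c.lastTs = a.ts;
    if (c.targets.indexOf(a.destIp) < 0) c.targets.push(a.destIp);
    c.risk = riskScore(c.alerts, c.targets);
  });
  return out;
}
// Constructed sample lines (documentation IP ranges), not real telemetry.
const SAMPLE: string[] = [
  '{"timestamp":"2024-05-01T12:00:00.123456+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","alert":{"signature":"SAMPLE ssh scan","severity":2}}',
  '{"timestamp":"2024-05-01T12:03:10.500000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.11","alert":{"signature":"SAMPLE brute force","severity":1}}',
  '{"timestamp":"2024-05-01T12:04:00.000000+0000","event_type":"flow","src_ip":"203.0.113.7","dest_ip":"192.0.2.11"}',
  '{"timestamp":"2024-05-01T12:30:00.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"192.0.2.10","alert":{"signature":"SAMPLE policy hit","severity":3}}',
  '{"timestamp":"2024-05-01T12:01:00.000000+0000","event_type":"alert","src_ip":"198.51.100.9","dest_ip":"192.0.2.10","alert":{"signature":"SAMPLE policy hit","severity":3}}',
];
```

On the sample, `correlate(SAMPLE)` yields three campaigns: the two early alerts from 203.0.113.7 merge and score 74, while its later alert falls outside the gap and opens a separate campaign.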
Why Aurora PostgreSQL
Aurora gave us a production-ready database from day one. We enabled pgvector for future semantic search across 21,742 IP reputation records. The Prisma + Aurora combination gave us type-safe queries with zero configuration overhead.
Biggest challenge
Getting Prisma 7 working with Aurora in Vercel's serverless environment required configuring the PrismaPg adapter with connection pooling and handling SSL correctly.
What's next
Semantic similarity search using pgvector, MITRE ATT&CK mapping, and real-time log streaming.
Built for the H0: Hack the Zero Stack Hackathon #H0Hackathon